SSH Suddenly Stopped Working (Permission Denied)
I opened a support ticket and it was suggested I bring it up here. Fresh eyes, and all that.
SSH'ing into my linode has been working fine for weeks, but since this morning SSH is failing with "Permission Denied (publickey)".
BTW, the security setup is a non-root public key authentication, using the user "ubuntu".
What I've Checked
Running SSH with -v switch gives:
debug1: Host 'mydomain.org' is known and matches the RSA host key.
debug1: Found key in /Users/daviddoran/.ssh/known_hosts:14
debug1: ssh_rsa_verify: signature correct
and
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/daviddoran/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/daviddoran/.ssh/ddm-assembla-key
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/daviddoran/.ssh/authorized_keys
debug1: Authentications that can continue: publickey
debug1: Offering public key: /Users/daviddoran/.ssh/tender-prod.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/daviddoran/.ssh/identity
debug1: Trying private key: /Users/daviddoran/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
So the SSH client has verified we're dealing with the same host, and tries to use my SSH keys (id_rsa being the correct one).
Also, when I use the AJAX console and run keysviewthe public key line matches my idrsa.pub exactly. Also, my idrsa and idrsa.pub files have modification times of a few months ago, as does the server's sshdconfig.
My SSHD server config is:
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
RhostsRSAAuthentication no
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#MaxStartups 10:30:60
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
AllowGroups sshusers
Interestingly, though the keysview command in lish shows my public key in authorized_keys I can't find this actual file on the server–not sure if this means anything. Other than that I'm all out of ideas, I can't see any pointers to where something is changed or broken.
Any, and all, help appreciated -- thank you.
4 Replies
Not to your server..
Remeber that LISH is your console, which runs on ssh on the linode server.
whereas you want to be ssh'ing to your linode.
So, with that cleared up, I'll add a bit:
I've placed (my id_rsa.pub public key):
ssh-rsa AAAAB3NzaC1y................x0bs33RBfQ== myemail@gmail.com
In the following files:
/etc/ssh/authorized_keys
/etc/ssh/authorized_keys2
/root/.ssh/authorized_keys2
/root/.ssh/authorized_keys
I'm not 100% sure what the setup was when this was working, since it was initially setup with a stackscript. But nothing has changed, to my knowledge.
/home/username/.ssh/authorized_keys
or
/home/username/.ssh/authorized_keys2
/root/.ssh/authorized_keys is no good – you've disallowed root logins
In retrospect it seems blindingly obvious, that ~/ would be /home/ubuntu/ when ubuntu@ is trying to log in. I didn't think to use /home/ubuntu since there was no .ssh folder in there.
What I'm completely baffled about is where /home/ubuntu/.ssh went? It was non existent until I created it to place authorizedkeys and authorizedkeys2 in there a few minutes ago. But over night my setup broke, so presumably it existed previously…
(If anyone's interested, my day-to-day interactions with the server are via an automated git-pull script in /var/www, so I don't access my home folder directly.)
Thanks all.